opendut

Support mTLS for client authentication

Open • mbfm opened this issue 3 months ago • 0 comments

It should be possible to host our backend on a server with mutual authentication as a second factor for authenticating a client (2FA).

Tasks:

  • [ ] Configure Traefik in Localenv with mTLS enabled: https://doc.traefik.io/traefik/https/tls/#client-authentication-mtls
    • [x] Depends on: #380
    • [ ] Allow manual creation of client certificates via script in Localenv
    • [ ] Perform test deployment of Localenv
    • [ ] Test with client certificates from other CA
  • [ ] Load mTLS certificate in EDGAR
    • [ ] Check OpenTelemetry client works (backend should be covered by Traefik)
  • [ ] Load mTLS certificate in CLEO
  • [ ] Load mTLS certificate in NetBird client. NetBird likely supports mTLS in more recent versions: https://github.com/netbirdio/netbird/pull/2188
    • [ ] Depends on: #378
  • [ ] Check LEA works (should only need certificate installed in browser)
  • [ ] Check Grafana works (should only need certificate installed in browser)

mbfm • Sep 15 '25 11:09